- Examine, evaluate, and document internal controls based on various security standards (NIST CSF, SOC2, ISO-27001, etc.)
- Lead IT-related audits and examinations conducted by external parties
- Align policies, standards and procedures with compliance objectives
- Prepare metrics and reports for management on the status of GRC objectives
- Evaluate and respond to customer/prospect questions and audits. Assist in aligning compliance reports and public-facing Trust Page to reduce the overall number of customer requests
- Remain up to date on current security laws, regulations and standards
- Represent the GRC Team by participating directly in projects and providing guidance, requirements and documentation for security-related purposes when requested
- Create, evaluate, document and maintain standards, processes and procedures relative to security and privacy
- Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement.
- Perform GRC recurring tasks as required
- Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet compliance requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
- Assist in selecting, configuring and/or administering the program via GRC tools
- Prepare, update and maintain customer-facing documentation
- Assist with building and/or testing integrations and automations with SaaS/IaaS platforms to collect evidence for security audits and monitor for security configurations
- Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms
What We’re Looking For
- Degree or equivalent in Computer Science or related field
- 5-8 years of experience in Information Security with a specialization in one area of GRC
- Co-create and help articulate Information Security strategy across the company
- A broad understanding of all security domains, CISSP or similar certification preferred
- Experience working with engineering teams to understand issues and prioritize remediations
- Proficiency with common information security frameworks including SOC2, NIST CSF, and ISO 27001
- Demonstrated ability to collaborate effectively across teams
- Familiarity and experience with IT/Security/GRC toolsets, such as Jira, Confluence, Whistic, GRC platforms, risk rating tools, data collection tools
- Ability to analyze empirical evidence and technical reports, identify root causes, recommend solutions, prioritize projects according to risk and compliance drivers, and drive technical projects through to completion.
- Familiarity with different cloud concepts and tooling including AWS, GCP
- Experience in a remote-first and distributed environment
- Someone willing to adapt to change in a fast-moving environment
- Experience with cloud-native pre-IPO startup companies
- Experience with AWS security services and tooling
WHAT WE OFFER:
- The chance to work in a fast-paced start-up environment with experienced industry leaders
- A learning environment where you can dive deep into the latest technologies and make an impact
- Competitive salary and equity
- 100% paid medical and dental and 95% paid vision insurance for employees starting on your first day
- 401k (with match), commuter benefits
- Industry-leading parental leave policies
- Generous wellness reimbursement and weekly onsite programs
- Flexible vacation policy – work with your manager to take time off when you need it
- Employee giving match
- Modern office in San Francisco’s Financial District
- Fully-stocked kitchen with organic snacks, beverages, and coffee drinks
- Weekly company meeting – ask me anything style discussion with our Leadership Team
- Team outings to sports games, happy hours, game nights and more!
Ripple is flexible-first: Ripplers have the option to work remotely, from our offices, or a combination.
WHO WE ARE:
Ripple is doing for value what the internet did for information: enabling its instant and seamless flow around the world. We call this the Internet of Value (IoV). Using blockchain and cryptocurrency technology, Ripple is dedicated to creating powerful gains in financial efficiency, equity and inclusion. In addition, Ripple is developing and enabling the future use cases that will catalyze the new digital economy for governments, businesses and consumers.
Ripple has offices in San Francisco (HQ), New York, London, Mumbai, Singapore, São Paulo, Reykjavík, Washington D.C. and Dubai.